research-article

Teaching Web-Attacks on a Raspberry Pi Cyber Range

Authors:

Nathaniel Stickney,

Daniel Hawthorne,

Suzanne J. MatthewsAuthors Info & Claims

SIGITE '20: Proceedings of the 21st Annual Conference on Information Technology Education

Pages 324 - 329

https://doi.org/10.1145/3368308.3415364

Published: 07 October 2020 Publication History

Abstract

Cyber ranges are an important tool for teaching cyber security techniques. However, setting up a cyber range for classroom use can be costly. Prior work on lowering the cost of cyber ranges focuses on open source solutions and virtual machines. Yet, these solutions do not reduce the cost of physical components - namely, the underlying hardware used to build the range. In this paper, we describe a prototype cyber range built out of Raspberry Pis, a type of inexpensive single board computer. To illustrate the functionality of the range, we use Docker and Docker Swarm to deploy a vulnerable web server across four Raspberry Pi nodes and assess it in an undergraduate classroom. Our cyber range costs under $250.00 to build and consumes less than 25 Watts of power. We open-source our materials and provide pre-built Docker images on Docker Hub to enable others to use our work. Our results suggest that cyber ranges built using Raspberry Pi clusters can lower cost and enhance cyber security education.

References

[1]

ABET. 2019. Criteria for Accrediting Computing Programs 2019 -- 2020. https://www.abet.org/accreditation/accreditation-criteria/criteria-for-accrediting-computing-programs-2019--2020/

[2]

Ovidiu-Gabriel Baciu-Ureche, Carlie Sleeman, William C. Moody, and Suzanne J. Matthews. 2019. The Adventures of ScriptKitty: Using the Raspberry Pi to Teach Adolescents about Internet Safety. In Proceedings of the 20th Annual SIG Conference on Information Technology Education (SIGITE'19). Association for Computing Machinery, New York, NY, USA, 118--123. https://doi.org/10.1145/3349266.3351399

[3]

Razvan Beuran, Cuong Pham, Dat Tang, Ken-ichi Chinen, Yasuo Tan, and Yoichi Shinoda. 2017. Cytrone: An integrated cybersecurity training framework. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy (ICISSP 2017). SCITEPRESS--Science and Technology Publications, Japan, 156--166. https://doi.org/10.5220/0006206401570166

[4]

R. Chadha, T. Bowen, C. J. Chiang, Y. M. Gottlieb, A. Poylisher, A. Sapello, C. Serban, S. Sugrim, G. Walther, L. M. Marvel, E. A. Newcomb, and J. Santos. 2016. CyberVAN: A Cyber Security Virtual Assured Network testbed. In MILCOM 2016 - 2016 IEEE Military Communications Conference. IEEE, Baltimore, MD, 1125--1130. https://doi.org/10.1109/MILCOM.2016.7795481

[5]

Art Conklin. 2005. The Use of a Collegiate Cyber Defense Competition in Information Security Education. In Proceedings of the 2Nd Annual Conference on Information Security Curriculum Development (InfoSecCD '05). ACM, New York, NY, USA, 16--18. https://doi.org/10.1145/1107622.1107627

Digital Library

[6]

Andreea Cotoranu and Li-Chiou Chen. 2019. Using Raspberry Pi As a Platform for Teaching Cybersecurity Concepts. In Proceedings of the 50th ACM Technical Symposium on Computer Science Education (SIGCSE '19). ACM, New York, NY, USA, 1237--1237. https://doi.org/10.1145/3287324.3287534

Digital Library

[7]

Simon J. Cox, James T. Cox, Richard P. Boardman, Steven J. Johnston, Mark Scott, and Neil S. O'Brien. 2014. Iridis-pi: a low-cost, compact demonstration cluster. Cluster Computing, Vol. 17, 2 (01 Jun 2014), 349--358. https://doi.org/10.1007/s10586-013-0282--7

[8]

Jon Davis and Shane Magrath. 2013. A survey of cyber ranges and testbeds. Technical Report DSTO-GD-0771. Defense Science and Technology Organisation Edinburgh (Australia) Cyber and Electronic Warfare Div.

[9]

Docker Inc. 2019 a. Docker: Enterprise Application Container Platform. https://www.docker.com/

[10]

Docker Inc. 2019 b. Docker Hub. https://hub.docker.com/

[11]

Docker Inc. 2019 c. Swarm mode overview. https://docs.docker.com/engine/swarm/

[12]

Docker Samples. 2019. Docker Swarm Visualizer. https://github.com/dockersamples/docker-swarm-visualizer

[13]

farisv. 2018. Cyber Jawara 2018 Final - Attack & Defense CTF services environments based on Docker. https://github.com/farisv/CJ2018-Final-CTF

[14]

Curtis Franklin. 2017. 7 University-Connected Cyber Ranges to Know Now. https://www.darkreading.com/cloud/7-university-connected-cyber-ranges-to-know-now/d/d-id/1331224

[15]

GenCyber. 2019. 2019 GenCyber Call for Proposal. https://www.gen-cyber.com/proposals/rfp/gc-2019/)

[16]

Google. 2019. google/gvisor. https://github.com/google/gvisor

[17]

R. Guiler. 2018. Building a Cyber Training Range on a Budget. https://www.youtube.com/watch?v=NQaVqN1HFPs

[18]

Wajdi Hajji and Fung Po Tso. 2016. Understanding the Performance of Low Power Raspberry Pi Cloud for Big Data. Electronics, Vol. 5, 2 (2016). https://doi.org/10.3390/electronics5020029

[19]

Bil Hallaq, Andrew Nicholson, Richard Smith, Leandros Maglaras, Helge Janicke, and Kevin Jones. 2018. CYRAN: a hybrid cyber range for testing security on ICS/SCADA systems. In Cyber Security and Threats: Concepts, Methodologies, Tools, and Applications. IGI Global, UK, 622--637. https://doi.org/10.4018/978--1--5225--5634--3.ch033

[20]

Joint Task Force on Cybersecurity Education. 2017. ACM/IEEE/AIS SIGSEC/IFIP Cybersecurity Curricular Guideline. Technical Report CSEC2017. ACM, IEEE, AIS, IFIP. 121 pages. https://cybered.hosting.acm.org/wp/

[21]

Martin Kalúz, Ltextquotesingle ubovs vCirka, Richard Valo, and Miroslav Fikar. 2014. ArPi Lab: A Low-cost Remote Laboratory for Control Education. IFAC Proceedings Volumes, Vol. 47, 3 (2014), 9057 -- 9062. https://doi.org/10.3182/20140824--6-ZA-1003.00963 19th IFAC World Congress.

[22]

Jalal Kawash, Andrew Kuipers, Leonard Manzara, and Robert Collier. 2016. Undergraduate Assembly Language Instruction Sweetened with the Raspberry Pi. In Proceedings of the 47th ACM Technical Symposium on Computing Science Education (SIGCSE '16). ACM, New York, NY, USA, 498--503. https://doi.org/10.1145/2839509.2844552

Digital Library

[23]

Joshua Kiepert. 2013. Creating a raspberry pi-based beowulf cluster. Technical Report. Boise State University. 1--17 pages.

[24]

H. Kim, J. Kim, and Y. Ko. 2014. Developing a cost-effective OpenFlow testbed for small-scale Software Defined Networking. In 16th International Conference on Advanced Communication Technology. 758--761. https://doi.org/10.1109/ICACT.2014.6779064

[25]

Alex Knisely. 2019. UA joins Ohio Cyber Range in $1.18M agreement. https://www.uakron.edu/im/news/ua-joins-ohio-cyber-range-in-1--18m-agreement/

[26]

A. K. Kyaw, Yuzhu Chen, and J. Joseph. 2015. Pi-IDS: evaluation of open-source intrusion detection systems on Raspberry Pi 2. In 2015 Second International Conference on Information Security and Cyber Forensics (InfoSec). 165--170. https://doi.org/10.1109/InfoSec.2015.7435523

[27]

Suzanne J. Matthews, Joel C. Adams, Richard A. Brown, and Elizabeth Shoop. 2018. Portable Parallel Computing with the Raspberry Pi. In Proceedings of the 49th ACM Technical Symposium on Computer Science Education (SIGCSE '18). ACM, New York, NY, USA, 92--97. https://doi.org/10.1145/3159450.3159558

Digital Library

[28]

Sang Oh. 2019 a. Docker Hub Cyber Range Image for Raspberry Pi. https://hub.docker.com/r/sko9370/rpi

[29]

Sang Oh. 2019 b. sko9370/CyberRangePi. https://github.com/sko9370/CyberRangePi

[30]

Opsxcq. 2018. opsxcq/docker-vulnerable-dvwa. https://github.com/opsxcq/docker-vulnerable-dvwa

[31]

P3 International. 2019. Kill A Watt Meter - Electricity Usage Monitor. http://www.p3international.com/products/p4400.html

[32]

C. Pahl, S. Helmer, L. Miori, J. Sanin, and B. Lee. 2016. A Container-Based Edge Cloud PaaS Architecture Based on Raspberry Pi Clusters. In 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops (FiCloudW). 117--124. https://doi.org/10.1109/W-FiCloud.2016.36

[33]

Cuong Pham, Dat Tang, Ken-ichi Chinen, and Razvan Beuran. 2016. CyRIS: A Cyber Range Instantiation System for Facilitating Security Training. In Proceedings of the Seventh Symposium on Information and Communication Technology (SoICT '16). ACM, New York, NY, USA, 251--258. https://doi.org/10.1145/3011077.3011087

Digital Library

[34]

PiRacks. 2019. PiRacks Raspberry Pi (3, 2, 1 A, 1 B, Zero) Clear Acrylic 4-Stacker Rack Enclosure Box Storage System Case. https://www.amazon.com/dp/B077D4J3M5

[35]

Nicole M Radziwill. 2017. Virginia Cyber Range. Software Quality Professional, Vol. 19, 4 (2017), 46.

[36]

Arvind S Raj, Bithin Alangot, Seshagiri Prabhu, and Krishnashree Achuthan. 2016. Scalable and Lightweight $$CTF$$ Infrastructures Using Application Containers (Pre-recorded Presentation). In 2016 $$USENIX$$ Workshop on Advances in Security Education ($$ASE$$ 16) .

[37]

Raspberry Pi Foundation. 2019. Raspberry Pi 3 Model B+. https://www.raspberrypi.org/products/raspberry-pi-3-model-b-plus/

[38]

Paul Sroufe, Steve Tate, Ram Dantu, and Ebru Celikel Cankaya. 2010. Experiences During a Collegiate Cyber Defense Competition. Journal of Applied Security Research, Vol. 5, 3 (2010), 382--396. https://doi.org/10.1080/19361611003601280

[39]

Michael F Thompson and Cynthia E Irvine. 2018. Individualizing Cybersecurity Lab Exercises with Labtainers. IEEE Security & Privacy, Vol. 16, 2 (2018), 91--95.

[40]

F. P. Tso, D. R. White, S. Jouet, J. Singer, and D. P. Pezaros. 2013. The Glasgow Raspberry Pi Cloud: A Scale Model for Cloud Computing Infrastructures. In 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops. IEEE, Philadelphia, PA, 108--112. https://doi.org/10.1109/ICDCSW.2013.25

[41]

Tyler. 2019. How to run a Raspberry Pi cluster with Docker Swarm. https://howchoo.com/g/njy4zdm3mwy/how-to-run-a-raspberry-pi-cluster-with-docker-swarm

[42]

Viginia Business. 2017. Virginia Cyber Range to grow under new agreement. http://www.virginiabusiness.com/reports/article/virginia-cyber-range-to-grow-under-new-agreement

[43]

Giovanni Vigna. 2004. iCTF. https://ictf.cs.ucsb.edu/

[44]

Giovanni Vigna, Kevin Borgolte, Jacopo Corbetta, Adam Doupé, Yanick Fratantonio, Luca Invernizzi, Dhilung Kirat, and Yan Shoshitaishvili. 2014. Ten Years of iCTF: The Good, The Bad, and The Ugly. In 2014 USENIX Summit on Gaming, Games, and Gamification in Security Education (3GSE 14). USENIX Association, San Diego, CA, 7. http://www.usenix.org/conference/3gse14/summit-program/presentation/vigna

[45]

Adam H. Villa. 2016. Hands-on Computer Security with a Raspberry Pi. J. Comput. Sci. Coll., Vol. 31, 6 (June 2016), 4--10. http://dl.acm.org/citation.cfm?id=2904446.2904447

[46]

Jan Vykopal, Radek Ovslejvsek, Pavel Celeda, Martin Vizvary, and Daniel Tovarvnák. 2017. Kypo cyber range: Design and use cases. In Proceedings of the 12th International Conference on Software Technologies (ICSOFT), Vol. 1. SciTePress, Czech Republic, 310--321. https://doi.org/10.5220/0006428203100321

[47]

J. Vykopal, M. Vizvary, R. Oslejsek, P. Celeda, and D. Tovarnak. 2017. Lessons learned from complex hands-on defence exercises in a cyber range. In 2017 IEEE Frontiers in Education Conference (FIE). IEEE, Indianapolis, IN, USA, 1--8. https://doi.org/10.1109/FIE.2017.8190713

[48]

Michael Wirth and Judi McCuaig. 2014. Making Programs With The Raspberry Pi. In Proceedings of the Western Canadian Conference on Computing Education (WCCCE '14). ACM, New York, NY, USA, Article 17, 5 pages. https://doi.org/10.1145/2597959.2597970

Digital Library

[49]

Xiaoyang Zhong and Yao Liang. 2016. Raspberry Pi: An Effective Vehicle in Teaching the Internet of Things in Computer Science and Engineering. Electronics, Vol. 5, 3 (2016), 9. https://doi.org/10.3390/electronics5030056

Cited By

Mills AWhite JLegg P(2024)GoibhniUWE: A Lightweight and Modular Container-Based Cyber RangeJournal of Cybersecurity and Privacy10.3390/jcp40300294:3(615-628)Online publication date: 24-Aug-2024
https://doi.org/10.3390/jcp4030029
Crabb JHundhausen CGebremedhin AStephenson BStone JBattestilli LRebelsky SShoop L(2024)A Critical Review of Cybersecurity Education in the United StatesProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630757(241-247)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630757
Balto KYamin MShalaginov AKatt B(2023)Hybrid IoT Cyber RangeSensors10.3390/s2306307123:6(3071)Online publication date: 13-Mar-2023
https://doi.org/10.3390/s23063071
Show More Cited By

Index Terms

Teaching Web-Attacks on a Raspberry Pi Cyber Range

Recommendations

Portable Parallel Computing with the Raspberry Pi
SIGCSE '18: Proceedings of the 49th ACM Technical Symposium on Computer Science Education

With the requirement that parallel & distributed computing (PDC) topics be covered in the core computer science curriculum, educators are exploring new ways to engage students in this area of computing. In this paper, we discuss the use of the Raspberry ...
An Effective Seafile Dockerfile for Raspberry Pi to Make Docker YAML Files for Treehouses
Smart Computing and Communication
Abstract
Seafile is an open-source, cross-platform, self-hosting file share/sync application. It is installed and configured Seafile via Treehouses, which provides useful functions that host web services on the Tor network. There is no maintainable Docker ...
Using the Raspberry Pi in IT Education
SIGITE '19: Proceedings of the 20th Annual SIG Conference on Information Technology Education

The emergence of cybersecurity provides new opportunities for information technology (IT) education, including use of inexpensive Raspberry Pi devices. In Fall of 2017, the College of IST at the Pennsylvania State University created a separate bachelors ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SIGITE '20: Proceedings of the 21st Annual Conference on Information Technology Education

October 2020

446 pages

ISBN:9781450370455

DOI:10.1145/3368308

General Chairs:
Deepak Khazanchi
University of Nebraska at Omaha, USA
,
Harvey Siy,
Program Chairs:
George Grispos,
Tenace Kwaku Setor
University of Nebraska at Omaha, USA

Copyright © 2020 Public Domain.

This paper is authored by an employee(s) of the United States Government and is in the public domain. Non-exclusive copying or redistribution is allowed, provided that the article citation is given and the authors and agency are clearly identified as its source.

Sponsors

SIGITE: ACM Special Interest Group on Information Technology Education

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 October 2020

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

SIGITE '20

Sponsor:

SIGITE

SIGITE '20: The 21st Annual Conference on Information Technology Education

October 7 - 9, 2020

Virtual Event, USA

Acceptance Rates

Overall Acceptance Rate 176 of 429 submissions, 41%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
287
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)6

Reflects downloads up to 17 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Mills AWhite JLegg P(2024)GoibhniUWE: A Lightweight and Modular Container-Based Cyber RangeJournal of Cybersecurity and Privacy10.3390/jcp40300294:3(615-628)Online publication date: 24-Aug-2024
https://doi.org/10.3390/jcp4030029
Crabb JHundhausen CGebremedhin AStephenson BStone JBattestilli LRebelsky SShoop L(2024)A Critical Review of Cybersecurity Education in the United StatesProceedings of the 55th ACM Technical Symposium on Computer Science Education V. 110.1145/3626252.3630757(241-247)Online publication date: 7-Mar-2024
https://dl.acm.org/doi/10.1145/3626252.3630757
Balto KYamin MShalaginov AKatt B(2023)Hybrid IoT Cyber RangeSensors10.3390/s2306307123:6(3071)Online publication date: 13-Mar-2023
https://doi.org/10.3390/s23063071
Sharma SPelletier JStackpole B(2023)A Common Pentest Output Schema for Business Intelligence System Ingestion2023 46th MIPRO ICT and Electronics Convention (MIPRO)10.23919/MIPRO57284.2023.10159688(1311-1316)Online publication date: 22-May-2023
https://doi.org/10.23919/MIPRO57284.2023.10159688
Idris MSyarif IWinarno I(2022)Web Application Security Education Platform Based on OWASP API Security ProjectEMITTER International Journal of Engineering Technology10.24003/emitter.v10i2.705(246-261)Online publication date: 16-Dec-2022
https://doi.org/10.24003/emitter.v10i2.705
Karagiannis SNtantogian CMagkos ERibeiro LCampos L(2021)PocketCTF: A Fully Featured Approach for Hosting Portable Attack and Defense Cybersecurity ExercisesInformation10.3390/info1208031812:8(318)Online publication date: 8-Aug-2021
https://doi.org/10.3390/info12080318

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents